Server-side polymorphism is a difficult challenge when creating anti-virus techniques. In server-side polymorphism, a malware server generates different permutations of the same binary. The permutated version is then downloaded by client-side malware deployed on an infected endpoint. The new permutated version is used for further propagation, as anti-virus software may not yet recognize it. To contact the server and download the new mutated version, the client-side malware must use an unsuspecting computer's network connection. A server may unsuspectingly host the permutated malware to be downloaded, as it may have been commandeered by a malware server.
Other kinds of malware also need to “phone home” to a server. For example, downloaders may contact a server to download other binaries to initiate or continue attacks. Spyware, password stealers, and the like must contact a server to upload collected data. Some malware must contact a server in order to let an attacking process take control of the infected machine.
Malware may include the varieties described above. Malware may also include, but is not limited to, sources of spam, sources of phishing attacks, sources of denial-of-service attacks, viruses, loggers, Trojans, adware, or any other digital content that produces unwanted activity.